From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: [KVM PATCH v3 2/2] kvm: add support for irqfd via eventfd-notification interface Date: Sun, 3 May 2009 07:44:32 +0100 Message-ID: <20090503064432.GS8633@ZenIV.linux.org.uk> References: <20090427182540.6646.96740.stgit@dev.haskins.net> <20090427183334.6646.90800.stgit@dev.haskins.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, avi@redhat.com, davidel@xmailserver.org To: Gregory Haskins Return-path: Received: from zeniv.linux.org.uk ([195.92.253.2]:33858 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751143AbZECGoe (ORCPT ); Sun, 3 May 2009 02:44:34 -0400 Content-Disposition: inline In-Reply-To: <20090427183334.6646.90800.stgit@dev.haskins.net> Sender: kvm-owner@vger.kernel.org List-ID: On Mon, Apr 27, 2009 at 02:33:34PM -0400, Gregory Haskins wrote: > + /* We re-use eventfd for irqfd */ > + fd = sys_eventfd2(0, 0); > + if (fd < 0) { > + ret = fd; > + goto fail; > + } > + > + /* We maintain a reference to eventfd for the irqfd lifetime */ > + file = eventfd_fget(fd); > + if (IS_ERR(file)) { > + ret = PTR_ERR(file); > + goto fail; > + } > + > + irqfd->file = file; This is just plain wrong. You have no promise whatsoever that caller of that sucker won't race with e.g. dup2(). IOW, you can't assume that file will be of the expected kind.
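Review bot: The fd returned by sys_eventfd2(0, 0) is already installed in the caller's descriptor table when eventfd_fget(fd) looks it up again by number, so a thread sharing that table can close the slot or dup2() over it between the two calls, and irqfd->file then pins a file other than the one created here. Take the struct file reference without the round trip through the fd number, and install the descriptor only as the last step, once the irqfd is fully set up. Separately, at the "goto fail" on the IS_ERR(file) path the fd has already been allocated; the fail label is not visible in this hunk, so confirm that it releases the descriptor rather than leaving it open in the caller.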